Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "Researchers at the Kaspersky Lab have uncovered a zero-day Adobe Flash vulnerability that affects Windows, OS X, and Linux. 'While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well.' Adobe has reportedly patched the bug for all platforms. Researchers first detected the bug from attacks performed on seven Syrian computers. The attacks seem to have been hosted on the Syrian Ministry of Justice website, which has led to speculation that these are state-sponsored vulnerability exploits. This speculation is further supported by evidence that one of the exploits was 'designed to target computers that have the Cisco Systems MeetingPlace Express Add-In version 5x0 installed. The app is used to view documents and images during Web conferences.'"

Hah You should see my wine install. It only has IE6 and it's like a bug farm in there. Whenever something doesn't work in wine, I halfway suspect it has more to due with all the windows viruses it has collected than any actual problems with wine.

Here is a serious answer -> All iPads, iPhones and newer Macs don’t use Flash. You don’t even need a browser, but can download hundreds of games, many of them for free. Most of those free ones are far better than anything using Flash. Many of those games even work without an Internet connection, which none of the Flash-based games do.

Here is a serious answer -> All iPads, iPhones and newer Macs don’t use Flash. You don’t even need a browser, but can download hundreds of games, many of them for free. Most of those free ones are far better than anything using Flash. Many of those games even work without an Internet connection, which none of the Flash-based games do.

Adobe quite writing Flash for android a few years ago, youtube works just fine, it breaks some sites but in the long run better for it.

February 23, 2012"Adobe has published roadmap for its Flash Player and its desktop counterpart, Adobe AIR. Overall the company expects Flash to cater predominantly to gaming and premium video markets. And as stated before, mobile version will no longer be developed."

Some replied to me about not being on a Win8 system as it was different somehow, the above was posted before M

One of the best things Steve Jobs ever did for the security of computing around the world is slowly crush Flash under his heel.

It's bad.It's always been bad. Apparently, it will always be bad.

Just let it die. It's a CPU and memory hog (another good reason not to use it on mobile; the CPUs these days can handle it, but it's bad for battery life) and it's a massive security hole. Why in the world should it get a pass? Someone at Adobe should've nuked it from orbit years ago.

Apple for good reason does not allow Flash on any of their devices. I can still download it from Adobe for my Mac if I first change a setting in the control panel that by default prevents this. So far I have resisted the temptation. What do instead is fool the Flash infested websites, mostly videos, that I am using an iPad and then like magic the video usually works just fine. There are many YouTube videos that behave this way. I don’t play games, so Flash might as well not exist.

One of the best things Steve Jobs ever did for the security of computing around the world is slowly crush Flash under his heel.

It's bad.It's always been bad. Apparently, it will always be bad.

Just let it die. It's a CPU and memory hog (another good reason not to use it on mobile; the CPUs these days can handle it, but it's bad for battery life) and it's a massive security hole. Why in the world should it get a pass? Someone at Adobe should've nuked it from orbit years ago.

The inefficiency seems to be getting worse with time. My 2007 PC used to be able to watch 480p Flash videos no problem. Now it studders and stalls, revving the CPU up to 100% while Flash draws in the 2D frame buffer with a crayon. And for inexplicable reasons there seems to be a memory leak: if I watch one Youtube video after another, eventually the Flash process approaches 2GB Working set, and crashes. Doesn't matter the browser.

If I download the raw FLV file and play it in VLC, MPC-HC, etc the CPU sips po

And in an era of bandwidth caps not keeping up with advances in monitor resolutions, this transmission as video is an order of magnitude inefficient in bitrate. Why is it beneficial in the long run to just accept this gross inefficiency?

Thanks; I wasn't aware that those existed. But among mass-market smartphones and tablets shipped in the past three years, how common are the SOCs with "Yes" in the "VP8 Decode" column? And what would keep a third-party SWF player from using OpenGL ES acceleration to render the vectors of an SWF?

Sure, but when you are talking about Facebook, Yahoo, Cartoon Network, Disney, et cetera the goal is to have people stay on your website playing their stupid games. Take it out of the browser and they aren't on your site. Mobile apps still keep a strong tie with the ad/analytics network that feeds the cash cows. Free games need to maintain their product, the users' data.

Sorry, but Flash has been a giant security hole for about as long as it has existed.

You want to play casual games in Flash, that's your choice.

But I've been happily avoiding Flash for a decade or so, and have yet to find a single website I cared enough about to install Flash. Occasionally I need to use it for work, which means a very specific machine, running IE -- which is only used for these kinds of garbage that HR thinks I

As unpopular as it is to say here on HTML-5-worshiping Slashdot, it's true. Flash can still do a lot of things that are either impossible on other platforms, or which suck on other platforms. Try implementing the average Flash game in HTML 5 (can't do it at all) or Java (can do it, but it will bring your system to a crawl) sometime.

Don't shoot the messenger just because you wish the message weren't true.

I just, like many others, wish someone would actually fucking *elaborate* on *concrete* *technical* hurdles of HTML5. We are not denying there are none, but just saying "you are clueless if you need to ask" is not going to help your position. We don't want to argue with you but we want you to actually explain yourselves. Gee, this thread is so frustrating.

I just, like many others, wish someone would actually fucking *elaborate* on *concrete* *technical* hurdles of HTML5.

HTML5 has no guaranteed audio or video codec. Some browsers support only free codecs from Xiph and On2, others only patented codecs from Dolby and MPEG-LA. HTML5 implementations in use provide no consistent way for the application to request access to the camera and microphone. Neither IE nor Safari implements the Stream API at all, and Firefox and Chrome implement prefixed (that is, proprietary) versions of it [caniuse.com]. And on my laptop in Firefox 28, this particle system [themaninblue.com] runs at 20 fps in Flash, 9 fps in HTML5 Canvas, and 5 fps in SVG. Unlike HTML5 JavaScript, ActionScript has static typing and class-style inheritance, and some developers prefer those. Finally, copies of old versions of Flash for making vector animations are sold on the secondary market; Edge Animate is available only on a rental basis through Creative Cloud. I'd be interested to see what workarounds you recommend for these.

Uh... what the hell is wrong with your laptop? That test is from 2010. I got 50FPS in HTML, 121 in Canvas, and 81 in SVG (rough averages, neither the highs nor the lows). I suppose I could try it in Flash but that would require enabling Flash, so no.

2-year-old Lenovo Thinkpad laptop, 1920x1080 display, Core i7 @ 2.5GHz, Windows 7, IE11.Is your computer from a decade ago or something?MS has put a lot of effort into IE performance, but it's not supposed to be a factor of 12x-16x better than Firefox!

Your quote of a dollar amount for the processor alone implies it's a home-built desktop PC. My numbers would probably be much better too on a full-size desktop PC as opposed to a subnotebook or tablet.

There is nothing that Flash can do on the millions of iPads, iPhones and modern Macs, because it won’t run on any of them. On the rest of the devices out there, such as Android and Windows, Flash can be and often has been a fabulous way for malware writers to infiltrate your device.

The fact that you're asking why HTML5 isn't usable for games just shows that you're really not familiar with either platform.

Please tell me you're not actually trying to make the case that HTML5 is usable for video game development.

Nature abhors a vacuum Lorizean. HTML5 sure isn't being ignored because it hasn't been hyped enough yet. As the other poster said, "show me Kingdom Rush written in HTML5 and I'll begin to think you're not a troll".

curse you for reminding me that exists i'm going to be wrangle gramas for weeks now

i've seen quite a few html5 games over the years, lemmings was one of them i can't really think of any else off hand, hell i remember seeing decent games back when it was called dhtml and the celeron 300A was around

anyway got hooked on fricken cookie clicker again before i even finished making this post so again curse you

The link you posted says it's fallacious to point out that SOMETHING is worse, that the thing under discussion isn't the WORST choice. That's a mistake because we should be looking for the BEST choice, not merely avoiding the worst one.

GP is arguing that Flash is the BEST choice in some scenarios, that ALL options are worse. That's fundamentally different from arguing that SOME options are worse. GP's argument is perfectly logical. Whether or not all of the alternatives actually ARE worse is another que

For too many software development companies, "alpha" now means, "Hop on board now because this is the next new hotness, and you can be one of the cool kids." "Beta" now means, "We're bored with this and have moved on to something else."

You know it's funny, but I do take issue with the suggestion that shadertoy is written in javascript. It's not, it's written in whatever they call that shader language these days. The javascript just ships a bunch of shader code onto the graphics card, and then sits back and takes the credit. It's not even really HTML5 either, it's just a bunch of code running on your graphics card.

If you were to attempt to write an actual game in HTML5, with things like physics and opponent AI and all the stuff we've grown

Compared to Windows. All comparisons to product security are inherently compared to the most commonly used piece of software in the world, MS Windows. Microsoft in recent years has created a strong security culture, deploying patches rapidly and in a consistent manner.

Adobe, their collective soul to the devil, has not done this, despite being on many many platforms. A few years ago when the US DoHS went after Java for being having awful security, the one they should have been targeting was Adobe. Both F

I never installed flash and I rarely find web pages that require it. I've noticed a slow migration away from it as well. One or twice a year I check some websites that required flash in the past and some no longer do so. YMMV.

It does not seem that difficult to go without flash and it is getting easier every day.

Just for fun I tried to watch a video on Hulu with Safari and sure enough they told me I had to have Flash installed in order to watch their stuff. Then I told Safari to lie to them and tell them that I am using an iPad. Low and behold the videos worked like a charm. Why do sites like Hulu and others still require that people have this malware vector installed on their systems?

I deliberately do not install Flash on my computers _and_ I deliberately choose to not install any of the third-party work-alikes.

If the content owner only publishes content in a SWF, it is not worth my bother to look at it. Okay, I can't view video clips in Facebook, but if it is an embedded youtube video, usually I can view it just fine by going to youtube's website.

If the content owner only publishes content in a SWF, it is not worth my bother to look at it.

Animutations and other vector animations are usually much smaller in their original SWF than they are when transcoded to MPEG-4 or WebM video. In this era of monthly caps, rendering to pixels can't always compete with the bandwidth efficiency of vectors. You're not going to get, say, "We Drink Ritalin" by Robinson Wilburn [albinoblacksheep.com] (parody fan video for the song "Hot Limit" by John Desire, which incidentally introduced me to DDR) as small in MP4 as it is in SWF, probably not even with H.266 when it does exist.

Okay, I can't view video clips in Facebook, but if it is an embedded youtube video, usually I can view it just fine by going to youtube's website.

The Flash version of this Flash vs. SVG benchmark [themaninblue.com] runs at 22-23 fps on a laptop with an Atom N450 CPU, which is nearly four times the speed of SVG (6 fps) in Firefox 29 on the same laptop. Set quality to low and it shoots up to 31-32 fps.

Tools

The page you linked on creativedroplets.com mentions Edge Animate. But second-hand copies of old versions of Flash are widely available, while Edge Animate is available only by subscription.

I suggest you get a new laptop. I get 120fps on the 1000 object version at full quality. The argument that there are more tools for an old technology than a new one is missing the point. The tools will come and there are many ways to create SVG.

Just call the CEO (as a parent from some morals protection group) and ask why they are still promoting that "porn player app". It'll get ported to something else on their IT department's double emergency overtime program.

I'm not a Flash developer, so I'm asking very seriously: is there a compelling reason to keep using Flash in 2014? For the past several years, the only notable things associated with this technology have been major security holes.

I don't have Flash on my latest Linux laptop (Debian distro). And YouTube seems to work fine*. I suspect that they are already falling back to HTML5. The only people that seem to be hanging onto Flash are porn sites who want to do some digging around on your system in the background while you are fapping.

*The occasional annoying "you need a plugin..." message but then the video just plays.

Yes, 2-way HD Video Chat on Desktop Browsers and Native Apps with Adobe Air. In a couple years real time video communication will be fulfilled in Browser with WebRTC, but WebRTC is not ready and only supported on a couple browsers. Until then the only reliable method to get 2-way HD Video Conferences in both the Browser and Native Apps is with Adobe Flex streaming to a Media Server such as FMS or Wowza.

There is a non-trivial demand for highly interactive stuff on the web. You may not be interested in that, but many people are and thus many developers are. Well, only Flash really does anything approaching a competent job of that. If you want to make something like a game, that runs on all the major browsers and all the major platforms, Flash can do that. Anything else, it is a crap shoot.

For example I remember when the HTML5 Angry Birds came out. Ok, interesting, I'd like to see that. In Chrome, it works m

SFW, as long as you aren't drinking anything you wouldn't want to spit up on your keyboard when you're reading it, otherwise your employer's IT department might not be happy about having to deal with the results of your spit-take.

I just reinstalled my OS a few weeks ago and never reinstalled flash. Despite a profuse amount of websurfing and watching videos here and there, I haven't needed flash yet.

Fewer annoying, moving, sound-producing site navigation controls, better battery life on my laptop when watching videos, and fewer horrible security vulnerabilities to worry about! Dumping Flash is something I should have done long ago!

Or just set it to "click to run", that way a redirect to a malicious website will do nothing, a compromised banner ad will do nothing so they'd have to compromise actual flash content on a site you use. For bonus points you don't see flash ads. And if it gets too annoying to do a single click extra, you can always set up an exception for that site.

Personally what I miss the most these days is a setting to really block everything from opening up a new tab/window, no matter what link I clicked. Despite having

And this is why you don't install third party "goodies" on your linux workstations (unless you are looking for just a play machine.).

There's a reason distros separate things into free/nonfree or main/universe. The first thing everyone does is go out and get 'multiverse.' Heck, if that's what you want, you might as well stick with windoze...

Right, because there's never critical vulnerabilities in widely-used open source software. I mean, anything as sensitive as, say, an SSL library would obviously be thoroughly tested and code reviewed to prevent any kind of trivially exploitable error that looks like something a CS freshman student might make. Thank goodness neither OpenSSL nor GnuTLS are required by any common free software, for example...